1. Field of the Invention
The present invention relates to authentication and more specifically relates to a system and method of providing authentication based on a weighted average principal.
2. Introduction
Protection of digital content transferred between entities over a network is a principal element of computer security. Computer security includes protection of digital content from theft or corruption and also addresses the preservation of system availability. Authentication plays an important role in computer security. Authentication is the process of verifying the digital identity of the sender of a communication. Once an entity has been authenticated, data transfer between the two entities may begin.
Authentication systems provide differing levels of functionality. At a minimum, they allow a recipient to verify that a message originated from a particular user, program or computer. More powerful systems can ensure that messages cannot be copied and replayed in the future, prove to a third party that a message originated with a particular user (non-repudiation), or require multiple users to validate a message.
Authentication is often used in conjunction with cryptography. Cryptography is the traditional method of protecting data. Cryptography protects communications between two mutually trusting parties from thievery or hackers by attack on the data in transit. Encryption is the process of obscuring information in a systematic way, using an algorithm. Decryption is process of removing the protection and retrieving the original data. Encryption and decryption use a key, which is the shared secret that both parties must have. To ensure data integrity, only the authorized parties should hold the secret key.
In many communication systems, the weakest link in security is not the encrypted data but rather cryptographic key management and handling. Unauthorized users may gain access to sensitive data when key management is not performed securely.
Many processes for authenticating an entity have been proposed. Typically, a sender sends a message and both the sender and receiver use the message and a shared secret key to generate a signature. If the signatures are the same, the entity is accepted as authentic in a symmetric encryption scheme. If an asymmetric scheme is used, the system verifies the signature is valid since only the originator of the signature should be able to create that signature.
A system can be compromised when patterns in the signature can be detected and used to surmise and exploit the authentication process. Attacking such encryption schemes requires the collection of a set of the input and the output. Typically, encryption schemes are used to authenticate by encrypting a value. If both the sender and receiver generate the same value, authentication is achieved. What is needed in the art, however, is an improved authentication process that is less susceptible to hacking.